DivX Web Player NPDIVX32.DLL ActiveX Control Resize Method Remote Denial of Service Vulnerability

Bugtraq ID:	22776
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1294
Remote:	Yes
Local:	No
Published:	Mar 01 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	shinnai <[email protected]> discovered this vulnerability.
Vulnerable:	DivX Inc. DivX Web Player 1.3
Not Vulnerable:

DivX Web Player NPDIVX32.DLL ActiveX Control Resize Method Remote Denial of Service Vulnerability

DivX Web Player is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

The DivX Web Player version included with DivX Player 1.3.0 is vulnerable to this issue.

DivX Web Player NPDIVX32.DLL ActiveX Control Resize Method Remote Denial of Service Vulnerability

An example exploit has been provided:

• /data/vulnerabilities/exploits/22776.html

DivX Web Player NPDIVX32.DLL ActiveX Control Resize Method Remote Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

DivX Web Player NPDIVX32.DLL ActiveX Control Resize Method Remote Denial of Service Vulnerability

References:

• DivX Web Player Product Page (DivX Inc.)
  
• Microsoft Knowledge Base Article 240797 (Microsoft)